Sunday, September 1, 2013

There's a fascinating report in the Washington Post about the dimensions of US offensive cyber-operations. Here are a few excerpts.

Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed “covert implants,” sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.

The documents provided by Snowden and interviews with former U.S. officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood. The Obama administration treats all such cyber-operations as clandestine and declines to acknowledge them.

and

The administration’s cyber-operations sometimes involve what one budget document calls “field operations” abroad, commonly with the help of CIA operatives or clandestine military forces, “to physically place hardware implants or software modifications.”

Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO). As its name suggests, TAO builds attack tools that are custom-fitted to their targets.

The NSA unit’s software engineers would rather tap into networks than individual computers because there are usually many devices on each network. Tailored Access Operations has software templates to break into common brands and models of “routers, switches and firewalls from multiple product vendor lines,” according to one document describing its work.

The implants that TAO creates are intended to persist through software and equipment upgrades, to copy stored data, “harvest” communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others.

The focus on routers, switches, and firewalls is very interesting, and is news. To the best of my knowledge, nothing like this is known to the computer security industry. No doubt the NSA is careful to test its efforts first, to ensure they aren't detected.

However, the hunt will be on now.

This also suggests a new market niche doing intrusion detection on these kinds of infrastructure components. However, it's not clear that a US-based firm could be a very credible provider...

Friday, August 30, 2013

Indian government to ban use of US email services for official communication. There's going to be a lot more of this kind of thing, I think.

Kevin Drum bashes the Obama administration over Syria. My general sense is that there are no good options here. If we, collectively, do nothing, we are no doubt in for an ongoing and regular diet of headlines and YouTube videos of Syrian kids being massacred with nerve gas. Being able to clear neighborhoods cheaply is pretty handy for a dictator with his back to the wall and Assad will do it again if he thinks he can. On the other hand, a limited bombing campaign is likely to be illegal, unpopular, and fairly ineffectual, particularly given the warning the Syrian government has had. On the third hand, a major involvement in the war would be very costly in lots of ways, and it's completely unclear that the end result would be a better regime. Anyone who suggests there are any simple good options here isn't thinking it through. It's fairly likely to suck regardless of what we do, just in different ways.

Monday, August 19, 2013

This detention of Glenn Greenwald's partner under British anti-terrorism laws, while flying from Germany to Brazil, is absolutely and completely outrageous. This is clearly harassment of journalists for publishing stories that authorities don't like, and strikes at the heart of freedom of speech. If you weren't already convinced that the intelligence/anti-terrorism apparatus in Western countries is out of control, I imagine this will push you a bit further in that direction.

Friday, August 16, 2013

The European economy grew very slightly in Q2. The graph of European (and US) GDP is above. I think it's too soon to be certain that Europe is out of the woods, but this last data point certainly does make the graph look less dismal.

NSA surveillance leaks make national cyberdefense plan politically infeasible. In general, I'm strongly in favor of national cyberdefense, and I research/design/build network intrusion detection systems for a living. However, I have to admit that at this point I wouldn't trust the NSA with access to such systems either. This is exactly why, in a democracy, major policy changes shouldn't be pursued in secret; it's toxic when it comes out.

Bruce Schneier: "Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I'm expected to know which companies protect their users' privacy and which encryption programs the NSA can't break. The truth is, I have no idea. No one outside the classified government world does. I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do."

Tuesday, August 13, 2013

Monday, August 5, 2013

The above is European unemployment. Is that a slight hint of improvement, finally, there at the end? Or just noise? Too soon to tell.

Apparently, if you set up a decoy water treatment plant control system on the Internet, there are a lot of groups willing and able to compromise it and take over the non-existent water plant. The implication is that critical infrastructure like this has probably been extensively compromised by foreign intelligence agencies. Maybe folks should be getting a few extra plastic tanks for the basement?

Sounds like NSA wiretaps are actually being used to initiate normal criminal cases, and agents are being trained to conceal the fact on a large scale. Great, just great.

European retail trade is below. Although the last month was down a little bit, the last six months in the aggregate appear to have stopped trending down.

About Me

I'm a scientist and innovator in the technology industry, with a broad range of interests and experiences. I have a Physics PhD, MS in CS, and have done research, lived in cohousing communities, run a business, and designed technology products. Professionally, I have mainly worked on computer security problems. Currently I'm Adjunct Professor of Computer Science at Cornell, but this blog represents my views only.
Email me at stuart -- at -- earlywarn -- dot -- org. I do read all email, but because the blog is a part-time unfunded enterprise, I often fail to reply due to lack of time - apologies.